[Leaplist] duplicity recommendation

Dan Cherry dscherry at bellsouth.net
Sun Jan 13 11:35:30 GMT 2008 

On Sunday 13 January 2008 1:13:34 am John Simpson wrote:
> On 2008-01-12, at 1538, Dan Cherry wrote:
> > I've been doing my backups with tar over ssh, and started looking
> > into rsync.
> > Debian admin mentioned a pkg called 'duplicity' which uses rsync.
> > Anyone with experience using 'duplicity', care to comment on whether
> > it's
> > worked for them, or if there are any drawbacks (or showstoppers)?
>
> no... i'm using rsync within ssh.
> http://www.jms1.net/code/rsync-backup.shtml has the details. (this page has
> been sitting there, half-written, for months... your question prompted me
> to finally finish it. thank you.)
>
> i remember looking at duplicity in the past. for me, the big advantage
> would be the encryption of the backups. however, since i control both
> the machine being backed up AND the machine which is pulling the
> backups, i don't have a real need for encrypted backups.
>
> i also like the fact that, if i have a real need, i can ssh to the
> backup machine (which is in my house) and access individual files from
> within the backed-up image. this allows me to quickly restore
> individual files, as well as access large files from the server
> without having to scp them back across the wire again- they're already
> inside the house, so i can access them at 100Mb ethernet speed.
>
> one advantage of doing what i'm doing is that i'm "pulling" the
> backups using a script on the backup repository machine, rather than
> the server itself "pushing" the backups to some other box. looking at
> the documentation...
>
> from http://duplicity.nongnu.org/duplicity.1.html , "Examples",
>
> example #4:
> > Duplicity enters restore mode because the URL comes before the local
> > directory.
>
> to me, this says that the URL (i.e. the remote server) MUST BE the
> backup archive, and the local directory MUST BE the files you with to
> back up.
>
> the way i do it, the scripting runs on the backup repository machine-
> the only thing it requires on the production servers is sshd and the
> rsync package. my script "pulls" the files, which means that the
> backup server has access to the live server. to me it makes more
> sense, and "feels" more secure, because the backup server can be
> behind a NAT'ed cable modem connection somewhere, where the outside
> world can't get into it. the live server has to be on the outside in
> order to do its job- a dedicated backup machine doesn't.
>
> ----------------------------------------------------------------
>
> | John M. Simpson    ---   KG4ZOW   ---    Programmer At Large |
> | http://www.jms1.net/                         <jms1 at jms1.net> |
>
> ----------------------------------------------------------------
>
> | http://video.google.com/videoplay?docid=-1656880303867390173 |
>
> ----------------------------------------------------------------
Nice writeup, John!  Thanks.  At first, I was thinking about skipping ssh, 
since all machines are behind my home firewall, but it's just not that hard 
to include the security elements, and it's good practice.

-- 
Dan
Finding a solution to the problem doesn't solve the problem,
Implementing the solution solves the problem.

More information about the Leaplist mailing list